55 matches found
CVE-2026-6270
@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the...
CVE-2026-6270 @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes
@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the...
CVE-2026-6270
Summary : The vulnerability affects the Node.js module @fastify/middie, specifically versions 9.3.1 and earlier. The root cause is that inherited middleware is not registered on child plugin engine instances, so when a Fastify app registers authentication middleware in a parent scope and then loa...
CVE-2026-6270 @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes
@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the...
CVE-2026-6270 @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes
@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the...
@fastify/middie 安全漏洞
@fastify/middie is an open-source middleware engine developed by Fastify. Versions of @fastify/middie prior to 9.3.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of registration of inherited middleware on sub-plugin engine instances, which could lead to bypassin...
PT-2026-33320
Name of the Vulnerable Software and Affected Versions @fastify/middie versions prior to 9.3.2 Description Inherited middleware is not registered directly on child plugin engine instances. When authentication middleware is registered in a parent scope and child plugins are registered with...
PT-2026-33323
Name of the Vulnerable Software and Affected Versions @fastify/middie versions prior to 9.3.2 Description A middleware bypass exists when the deprecated ignoreDuplicateSlashes option is enabled. The middleware path matching logic fails to account for duplicate slash normalization performed by the...
@fastify/middie 安全漏洞
@fastify/middie is an open-source middleware engine developed by Fastify. Versions of @fastify/middie 9.3.1 and earlier contained security vulnerabilities. These vulnerabilities occurred when the deprecated ignoreDuplicateSlashes option was enabled, as the middleware’s path matching logic did not...
CVE-2026-2880
A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...
@andreacioni/saml2-nest-lib (=0.0.7), @apps-in-toss/web-framework (>=2.0.0 <=2.6.2) +220 more potentially affected by CVE-2026-2880 via @fastify/middie (>=8.0.0 <=9.1.0)
@fastify/middie NPM version =8.0.0, =2.0.0, =1.1.6, =1.0.5, =0.2.5, =0.0.6, =0.0.1, =0.0.1, =4.33.5, =2.0.7, =0.0.0-canary-20240602190113, =0.0.0-canary-20240602190113, =0.1.0, =0.7.1 and more Source cves: CVE-2026-2880 Source advisory: OSV:GHSA-8P85-9QPW-FWGW...
EUVD-2026-9049
@fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware...
@fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware
Summary A path normalization inconsistency in @fastify/middie can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and...
GHSA-8P85-9QPW-FWGW @fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware
Summary A path normalization inconsistency in @fastify/middie can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and...
@bechara/crux (>=6.0.0 <=6.6.2), @cappa/cli (>=0.1.0 <=0.7.1) +10 more potentially affected by CVE-2026-2880 via @fastify/middie (>=9.0.2 <=9.1.0)
@fastify/middie NPM version =9.0.2, =6.0.0, =0.1.0, =0.1.0, =1.0.0, =1.0.11, =0.1.51, =1.0.36, =11.0.0, =1.3.0, =5.0.0, =0.6.1-dev, =1.1.48 Source cves: CVE-2026-2880 Source advisory: SNYK:JS-FASTIFYMIDDIE-15366397...
CVE-2026-2880 @fastify/middie has an improper path normalization vulnerability
A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...
CVE-2026-2880
A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...
CVE-2026-2880
Summary: CVE-2026-2880 concerns a path normalization issue in @fastify/middie (versions
CVE-2026-2880 @fastify/middie has an improper path normalization vulnerability
A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...
@fastify/middie 安全漏洞
@fastify/middie is an open-source middleware engine developed by Fastify. Versions of @fastify/middie prior to 9.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the possibility of bypassing the path range middleware when using router normalization options, which could...